#LeaktheAnalyst Hacks Cyber Security Firm

On Sunday, personal details and sensitive information of a cyber security analyst circulated online after it was leaked by a group of hackers, who claimed to have infiltrated the company’s internal network.

Adi Peretz, a Senior Threat Intelligence Analyst at the Virginia-based cyber security firm Mandiant which is owned by FireEye, had both his personal and professional information leaked.

The hacker group, who introduced themselves as 31337 Hackers, posted some cryptic messages on Pastebin together with download links to the stolen files.

“It was fun to be inside a giant company named ‘Mandiant’ we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs.

Now that ‘Mandiant’ knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let’s see how successful they are going to be :D,” a part of the post read.

Hacking a Cyber Security Firm

The exposed files include 32 megabytes of data that contains the following:

One Drive account information

LinkedIn account information

Live account information

Billing records

Paypal receipts

Geo-tracking of personal devices for almost a year

Credentials for an engineering portal at FireEye

WebEx and JIRA portals

Amazon account information

Aside from that, other records related to a possible customer, Bank Hapoalim, and internal documentation and presentations which include one for the Israel Defense Forces from 2016 were also leaked.

A screenshot of the alleged internal documentation and presentations for the Israel Defense Forces | Image source TNW

#LeaktheAnalyst

According to the hackers, their action is just part of an ongoing campaign to expose security researchers and their work called #LeakTheAnalyst operation. At the bottom of their Pastebin post, the alleged hackers said the following:

“Nobody understands the amount of dedication it takes to break into a highly secured network, to bypass every state of the art security measure installed to make a targeted network unbreakable, to code and hack not for the money but for the pleasure of being somewhere no one can be in, to be addicted to pain.

From time to time there is a know-it-all security professional tries to read your sick mind and blow your breach plan up to hell.

For a long time we–the 31337 hackers–tried to avoid these fancy ass ‘Analysts’ whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say fuck the consequence let’s track them on Facebook, Linked-in, Tweeter, etc. let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).”

“We are aware of reports that a Mandiant employee’s social media accounts were compromised. We immediately began investigating this situation and took steps to limit further exposure. Our investigation continues, but thus far it, we have found no evidence FireEye or Mandiant systems were compromised.”

While the real motive behind the hacking incident is still unclear and Mandiant has not given any statement yet, Kaspersky researcher Ido Naor called for all security researchers to harden their machines. In a tweet, Naor said:

“#LeakTheAnalyst is a new operation by a group of hackers, trying to leak researchers data. Make sure you harden your machines and research.”

#leakTheAnalyst is a new operation by a group of hackers, trying to leak researchers data. Make sure you harden your machines and research.